PDF static analysis report

Static analysis result for SHA-256 5fb4d4abc7764fe3…

SUSPICIOUS

PDF

Size: 56.6 KB
Created: 2021-04-05 23:31:13 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-29
MD5: cc48fb44a5eefb3aecb08964cc39e549
SHA-1: 803b9f085c9fcc537efe1b2fc02b2590f8e6428c
SHA-256: 5fb4d4abc7764fe36eb458f9f004cec3d1d391f8bf2ff480b0580eda1a87f308
Risk Score: 42

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF document contains multiple embedded URLs, with a primary focus on lures related to hacking Roblox accounts. The ML classifier flagged this PDF as malicious, and the 'download button' heuristic hit further supports malicious intent. While no scripts were explicitly extracted, the document's structure and embedded URIs suggest it is designed to trick users into navigating to potentially harmful external resources.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7795

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://gaminggenerator.org/app/431946152/how-do-u-hack-someones-account-on-roblox (PDF link annotation)

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • stream_003_off000081c0.bin
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0x81C0
    Size: 24028 bytes
    SHA-256: fd84a6ed22cd2ff55bae34b8c63e45ad16914c9231fe3285511a5c48c00e5554
  • font_01_sfnt_off0000b843.bin
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xB843
    Size: 18772 bytes
    SHA-256: afebdc5a721d3173df4aab6a326a91b6fda3c768deb320703f89d7eefbbbdfaa